Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Laravel Debug Enabled

By kannthu

Vidoc logoVidoc Module

What is "Laravel Debug Enabled?"

The "Laravel Debug Enabled" module is designed to detect misconfigurations in Laravel applications where the APP_DEBUG setting is enabled. This module targets Laravel, a popular PHP framework used for web application development. The severity of this module is classified as medium.

Author: notsoevilweasel


When the APP_DEBUG setting is enabled in Laravel, verbose error messages may be displayed. This can potentially expose sensitive information about the application's code and configuration, making it easier for attackers to identify vulnerabilities and exploit them.

How the module works?

The "Laravel Debug Enabled" module works by sending an HTTP GET request to the /_ignition/health-check endpoint of the target Laravel application. It then applies matching conditions to determine if the application has debug mode enabled.

The matching conditions for this module are as follows:

- The response body must contain the word can_execute_commands. - The response status code must be 200.

If both conditions are met, the module will report a misconfiguration, indicating that Laravel's debug mode is enabled.

Remediation: Disable Laravel's debug mode by setting the APP_DEBUG configuration option to false.

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: can_execute_commandsand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability